Field of the Invention
The present invention relates to an information processing apparatus communicable with a server apparatus performing device certification, the server apparatus performing the device certification, an information processing system, a control method, and a computer program.
Description of the Related Art
Recently, information processing apparatuses such as personal computers (PCs) have been provided with a security chip referred to as a trusted platform module (TPM). The TPM has a plurality of security functions, such as encryption processing and generation of a securely managed pair of keys.
The TPM further includes a register for storing hash values of software modules and the like. The register is referred to as a platform configuration register (PCR). As one usage of the PCR, the validity of each software module (whether it has been altered or not) can be verified by comparing a hash value of the software module obtained in advance with the hash value in the PCR.
As a more specific usage, when activating components such as a basic input output system (BIOS), a boot loader, and an application, an information processing apparatus first stores a hash value of each component in the PCR in the order of activation. Then, when connecting to a network, the information processing apparatus transmits the hash value in the PCR to a management server which stores a hash value of each software module. The management server that has received the hash value can verify whether software in the information processing apparatus has been altered by comparing the hash values.
By the above-described processing, the management server can verify the software. A management server is not necessarily used in the verification; however, a technique in which a management server connected to a network verifies whether the software in the information processing apparatus has been altered is generally referred to as device certification.
Japanese Patent Application Laid-Open No. 2014-26663 describes a technique for storing a hash value of a software module measured at the time of boot in a PCR, generating verification data based on the value in the PCR, and causing the management server to execute the device certification.
The PCR is a volatile memory; thus, when the information processing apparatus using the technique described in Japanese Patent Application Laid-Open No. 2014-26663 is powered off, the hash value stored in the PCR is lost. Normal power-off does not cause a problem; however, power-off using a hibernation function may cause a problem in some cases.
The hibernation function is a function of storing the contents of a main memory in a non-volatile storage device before power-off and, when the information processing apparatus is next activated, expanding the information stored in the non-volatile storage device into the main memory to return the information processing apparatus to its state before the power-off. Return using the hibernation function has advantages, for example that activation can be quicker than normal activation; therefore, the hibernation function is implemented in many information processing apparatuses.
However, as described above, when the information processing apparatus is powered off using the hibernation function, the contents in the main memory are saved, but the hash value stored in the PCR is lost. Therefore, if device certification is attempted after returning from a hibernation state, only the hash value of a software module activated after the return is transmitted to the management server.
As a result, the hash value of a software module activated before entering the hibernation state cannot be confirmed, and the management server regards the software module as altered even though it has not been altered. Therefore, according to the conventional technique, the device certification cannot be performed normally after returning from the hibernation state.
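The failure described above can be reproduced with a small model. The following is an added example, not part of the patent text or of any cited technique. It assumes a single SHA-256 PCR updated with the standard TPM extend rule, constructed module names, and that only the BIOS and boot loader are activated on return from hibernation.

```python
import hashlib

# Constructed stand-ins for module images, in activation order.
BOOT_CHAIN = [b"BIOS image", b"boot loader image", b"application image"]

def measure(module: bytes) -> bytes:
    return hashlib.sha256(module).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    # TPM extend rule: the PCR accumulates digests and cannot be set directly.
    return hashlib.sha256(pcr + digest).digest()

class Device:
    def __init__(self):
        self.pcr = bytes(32)     # volatile register, zero at power-on
        self.ram = []            # modules resident in main memory
        self.disk_image = None   # non-volatile hibernation image

    def activate(self, module: bytes):
        self.pcr = extend(self.pcr, measure(module))
        self.ram.append(module)

    def hibernate(self):
        self.disk_image = list(self.ram)    # main memory is saved...
        self.ram, self.pcr = [], bytes(32)  # ...but the PCR is lost at power-off

    def resume(self, resume_path):
        for module in resume_path:          # only these are measured again
            self.pcr = extend(self.pcr, measure(module))
        self.ram = self.disk_image          # restored from disk, never re-measured

def certify(reported_pcr: bytes, reference_digests) -> bool:
    # Management server: replay the stored reference hashes and compare.
    expected = bytes(32)
    for d in reference_digests:
        expected = extend(expected, d)
    return reported_pcr == expected

def demo():
    reference = [measure(m) for m in BOOT_CHAIN]
    dev = Device()
    for m in BOOT_CHAIN:
        dev.activate(m)
    cold_boot_ok = certify(dev.pcr, reference)
    dev.hibernate()
    dev.resume(BOOT_CHAIN[:2])   # assumption: BIOS and boot loader run on resume
    after_resume_ok = certify(dev.pcr, reference)
    return cold_boot_ok, after_resume_ok, dev.ram == BOOT_CHAIN

print(demo())
```

The third value returned by `demo()` shows that the software in memory is identical before and after hibernation, yet the second value shows the server rejecting the device.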